eligible 2.6.1 → 2.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/ChangeLog +8 -4
- data/lib/eligible.rb +3 -0
- data/lib/eligible/encryptor.rb +115 -0
- data/lib/eligible/lockbox.rb +39 -0
- data/lib/eligible/public_key.rb +27 -0
- data/lib/eligible/version.rb +1 -1
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c044453aea1d5ef70a34c8e8b2e08bd0bdd9e65
|
|
4
|
+
data.tar.gz: 3219b7cba1332fb1a8b9cf8254f731242aa05bd4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eceba947c63c89845382f4bfdc5734bc78eee5ae190bcdc7a6fb51675b2f896da9c7ed9bd2b0e66ce425d4606a6ffbf4d7d7c8a866e768863f3b187c8c690760
|
|
7
|
+
data.tar.gz: 2555d78ea46984e2b12afca36cd79a76d6887868bbd4fdafae7406afa0e9c9472ac522484e7f4cb38761b804b9195b83b173c14f5f67835e3c1004edbc99cb95
|
data/.ruby-version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
2.2.3
|
data/ChangeLog
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
|
+
2016-08-31 Eligible <support@eligible.com>
|
|
2
|
+
* 2.6.2
|
|
3
|
+
- New APIs added in testing mode, no public-facing changes
|
|
4
|
+
|
|
1
5
|
2016-05-10 Eligible <support@eligible.com>
|
|
2
6
|
* 2.6.1
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
+
- Suppressing ssl_verify_callback return code warning
|
|
8
|
+
- Added new endpoints: received_pdf, precert and referral
|
|
9
|
+
- Refactored the code and fixed couple of bugs
|
|
10
|
+
- Documentation updates for the endpoints
|
|
7
11
|
|
|
8
12
|
2016-02-23 Eligible <support@eligible.com>
|
|
9
13
|
|
data/lib/eligible.rb
CHANGED
|
@@ -8,6 +8,7 @@ require 'rest_client'
|
|
|
8
8
|
require 'multi_json'
|
|
9
9
|
|
|
10
10
|
require 'eligible/version'
|
|
11
|
+
require 'eligible/encryptor'
|
|
11
12
|
require 'eligible/util'
|
|
12
13
|
require 'eligible/json'
|
|
13
14
|
require 'eligible/eligible_object'
|
|
@@ -28,6 +29,8 @@ require 'eligible/payer'
|
|
|
28
29
|
require 'eligible/preauth_resource'
|
|
29
30
|
require 'eligible/precert'
|
|
30
31
|
require 'eligible/referral'
|
|
32
|
+
require 'eligible/public_key'
|
|
33
|
+
require 'eligible/lockbox'
|
|
31
34
|
|
|
32
35
|
# Errors
|
|
33
36
|
require 'eligible/errors/eligible_error'
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
|
|
3
|
+
module Eligible
|
|
4
|
+
# A simple wrapper for the standard OpenSSL library
|
|
5
|
+
module Encryptor
|
|
6
|
+
|
|
7
|
+
extend self
|
|
8
|
+
|
|
9
|
+
# The default options to use when calling the <tt>encrypt</tt> and <tt>decrypt</tt> methods
|
|
10
|
+
#
|
|
11
|
+
# Defaults to { algorithm: 'aes-256-gcm',
|
|
12
|
+
# auth_data: '',
|
|
13
|
+
# insecure_mode: false,
|
|
14
|
+
# hmac_iterations: 2000,
|
|
15
|
+
# v2_gcm_iv: false }
|
|
16
|
+
#
|
|
17
|
+
# Run 'openssl list-cipher-commands' in your terminal to view a list all cipher algorithms that are supported on your platform
|
|
18
|
+
def default_options
|
|
19
|
+
@default_options ||= { algorithm: 'aes-256-cbc',
|
|
20
|
+
auth_data: '',
|
|
21
|
+
insecure_mode: false,
|
|
22
|
+
hmac_iterations: 2000,
|
|
23
|
+
v2_gcm_iv: false }
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
# Encrypts a <tt>:value</tt> with a specified <tt>:key</tt> and <tt>:iv</tt>.
|
|
27
|
+
#
|
|
28
|
+
# Optionally accepts <tt>:salt</tt>, <tt>:auth_data</tt>, <tt>:algorithm</tt>, <tt>:hmac_iterations</tt>, and <tt>:insecure_mode</tt> options.
|
|
29
|
+
#
|
|
30
|
+
# Example
|
|
31
|
+
#
|
|
32
|
+
# encrypted_value = Encryptor.encrypt(value: 'some string to encrypt', key: 'some secret key', iv: 'some unique value', salt: 'another unique value')
|
|
33
|
+
# # or
|
|
34
|
+
# encrypted_value = Encryptor.encrypt('some string to encrypt', key: 'some secret key', iv: 'some unique value', salt: 'another unique value')
|
|
35
|
+
def encrypt(*args, &block)
|
|
36
|
+
crypt :encrypt, *args, &block
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
# Decrypts a <tt>:value</tt> with a specified <tt>:key</tt> and <tt>:iv</tt>.
|
|
40
|
+
#
|
|
41
|
+
# Optionally accepts <tt>:salt</tt>, <tt>:auth_data</tt>, <tt>:algorithm</tt>, <tt>:hmac_iterations</tt>, and <tt>:insecure_mode</tt> options.
|
|
42
|
+
#
|
|
43
|
+
# Example
|
|
44
|
+
#
|
|
45
|
+
# decrypted_value = Encryptor.decrypt(value: 'some encrypted string', key: 'some secret key', iv: 'some unique value', salt: 'another unique value')
|
|
46
|
+
# # or
|
|
47
|
+
# decrypted_value = Encryptor.decrypt('some encrypted string', key: 'some secret key', iv: 'some unique value', salt: 'another unique value')
|
|
48
|
+
def decrypt(*args, &block)
|
|
49
|
+
crypt :decrypt, *args, &block
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
protected
|
|
53
|
+
|
|
54
|
+
def crypt(cipher_method, *args) #:nodoc:
|
|
55
|
+
options = default_options.merge(value: args.first).merge(args.last.is_a?(Hash) ? args.last : {})
|
|
56
|
+
raise ArgumentError.new('must specify a key') if options[:key].to_s.empty?
|
|
57
|
+
cipher = OpenSSL::Cipher.new(options[:algorithm])
|
|
58
|
+
cipher.send(cipher_method)
|
|
59
|
+
unless options[:insecure_mode]
|
|
60
|
+
raise ArgumentError.new("key must be #{cipher.key_len} bytes or longer") if options[:key].bytesize < cipher.key_len
|
|
61
|
+
raise ArgumentError.new('must specify an iv') if options[:iv].to_s.empty?
|
|
62
|
+
raise ArgumentError.new("iv must be #{cipher.iv_len} bytes or longer") if options[:iv].bytesize < cipher.iv_len
|
|
63
|
+
end
|
|
64
|
+
if options[:iv]
|
|
65
|
+
# This is here for backwards compatibility for Encryptor v2.0.0.
|
|
66
|
+
cipher.iv = options[:iv] if options[:v2_gcm_iv]
|
|
67
|
+
if options[:salt].nil?
|
|
68
|
+
# Use a non-salted cipher.
|
|
69
|
+
# This behaviour is retained for backwards compatibility. This mode
|
|
70
|
+
# is not secure and new deployments should use the :salt options
|
|
71
|
+
# wherever possible.
|
|
72
|
+
cipher.key = options[:key]
|
|
73
|
+
else
|
|
74
|
+
# Use an explicit salt (which can be persisted into a database on a
|
|
75
|
+
# per-column basis, for example). This is the preferred (and more
|
|
76
|
+
# secure) mode of operation.
|
|
77
|
+
cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(options[:key], options[:salt], options[:hmac_iterations], cipher.key_len)
|
|
78
|
+
end
|
|
79
|
+
cipher.iv = options[:iv] unless options[:v2_gcm_iv]
|
|
80
|
+
else
|
|
81
|
+
# This is deprecated and needs to be changed.
|
|
82
|
+
cipher.pkcs5_keyivgen(options[:key])
|
|
83
|
+
end
|
|
84
|
+
yield cipher, options if block_given?
|
|
85
|
+
value = options[:value]
|
|
86
|
+
if cipher.authenticated?
|
|
87
|
+
if encryption?(cipher_method)
|
|
88
|
+
cipher.auth_data = options[:auth_data]
|
|
89
|
+
else
|
|
90
|
+
value = extract_cipher_text(options[:value])
|
|
91
|
+
cipher.auth_tag = extract_auth_tag(options[:value])
|
|
92
|
+
# auth_data must be set after auth_tag has been set when decrypting
|
|
93
|
+
# See http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html#method-i-auth_data-3D
|
|
94
|
+
cipher.auth_data = options[:auth_data]
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
result = cipher.update(value)
|
|
98
|
+
result << cipher.final
|
|
99
|
+
result << cipher.auth_tag if cipher.authenticated? && encryption?(cipher_method)
|
|
100
|
+
result
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
def encryption?(cipher_method)
|
|
104
|
+
cipher_method == :encrypt
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
def extract_cipher_text(value)
|
|
108
|
+
value[0..-17]
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
def extract_auth_tag(value)
|
|
112
|
+
value[-16..-1]
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
require 'base64'
|
|
3
|
+
|
|
4
|
+
module Eligible
|
|
5
|
+
class Lockbox < APIResource
|
|
6
|
+
def self.get(params, api_key = nil)
|
|
7
|
+
send_request(:get, api_url('lockboxes', params, :lockbox_id), api_key, params, :lockbox_id)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.all(params, api_key = nil)
|
|
11
|
+
send_request(:get, api_url('lockboxes'), api_key, params)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.extract_private_key(params)
|
|
15
|
+
private_key = Util.value(params, :private_key)
|
|
16
|
+
fail ArgumentError, "Private key is required for decryption" if private_key.nil?
|
|
17
|
+
private_key
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.delete_private_key!(params)
|
|
21
|
+
params.delete('private_key')
|
|
22
|
+
params.delete(:private_key)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def self.decrypt_data(data, encrypted_data_key, private_key)
|
|
26
|
+
pkey = OpenSSL::PKey::RSA.new(private_key)
|
|
27
|
+
aes_key = pkey.private_decrypt(Base64.decode64(encrypted_data_key))
|
|
28
|
+
sha_key = Digest::SHA256.hexdigest(aes_key)
|
|
29
|
+
Encryptor.decrypt(value: Base64.decode64(data), key: sha_key, insecure_mode: true)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def self.get_and_decrypt_from_lockbox(params, api_key = nil)
|
|
33
|
+
private_key = extract_private_key(params)
|
|
34
|
+
delete_private_key!(params)
|
|
35
|
+
req = get(params, api_key).to_hash
|
|
36
|
+
decrypt_data(req[:encrypted_data], req[:encrypted_key], private_key)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
|
|
3
|
+
module Eligible
|
|
4
|
+
class PublicKey < APIResource
|
|
5
|
+
def self.get(params, api_key = nil)
|
|
6
|
+
send_request(:get, api_url('public_keys', params, :key_id), api_key, params, :key_id)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def self.post(params, api_key = nil)
|
|
10
|
+
send_request(:post, api_url('public_keys'), api_key, params)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.activate(params, api_key = nil)
|
|
14
|
+
key_id = Util.value(params, :key_id)
|
|
15
|
+
send_request(:get, "/public_keys/#{key_id}/activate.json", api_key, params, :key_id)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def self.all(params, api_key = nil)
|
|
19
|
+
send_request(:get, api_url('public_keys'), api_key, params)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def self.create_pair
|
|
23
|
+
rsa_key = OpenSSL::PKey::RSA.new(4096)
|
|
24
|
+
[ rsa_key.to_pem, rsa_key.public_key.to_pem ]
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
data/lib/eligible/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: eligible
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.6.
|
|
4
|
+
version: 2.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Katelyn Gleaon
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2016-
|
|
13
|
+
date: 2016-08-31 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rest-client
|
|
@@ -110,6 +110,7 @@ files:
|
|
|
110
110
|
- ".gitignore"
|
|
111
111
|
- ".rspec"
|
|
112
112
|
- ".rubocop.yml"
|
|
113
|
+
- ".ruby-version"
|
|
113
114
|
- ChangeLog
|
|
114
115
|
- Gemfile
|
|
115
116
|
- LICENSE
|
|
@@ -124,6 +125,7 @@ files:
|
|
|
124
125
|
- lib/eligible/customer.rb
|
|
125
126
|
- lib/eligible/demographic.rb
|
|
126
127
|
- lib/eligible/eligible_object.rb
|
|
128
|
+
- lib/eligible/encryptor.rb
|
|
127
129
|
- lib/eligible/enrollment.rb
|
|
128
130
|
- lib/eligible/errors/api_connection_error.rb
|
|
129
131
|
- lib/eligible/errors/api_error.rb
|
|
@@ -131,12 +133,14 @@ files:
|
|
|
131
133
|
- lib/eligible/errors/eligible_error.rb
|
|
132
134
|
- lib/eligible/errors/invalid_request_error.rb
|
|
133
135
|
- lib/eligible/json.rb
|
|
136
|
+
- lib/eligible/lockbox.rb
|
|
134
137
|
- lib/eligible/medicare.rb
|
|
135
138
|
- lib/eligible/original_signature_pdf.rb
|
|
136
139
|
- lib/eligible/payer.rb
|
|
137
140
|
- lib/eligible/payment.rb
|
|
138
141
|
- lib/eligible/preauth_resource.rb
|
|
139
142
|
- lib/eligible/precert.rb
|
|
143
|
+
- lib/eligible/public_key.rb
|
|
140
144
|
- lib/eligible/received_pdf.rb
|
|
141
145
|
- lib/eligible/referral.rb
|
|
142
146
|
- lib/eligible/ticket.rb
|